1. Technical Field
The present invention relates to memory access in computer systems, and more specifically to controlling user access to particular areas of memory.
2. Description of Related Art
In a System Area Network (SAN), the hardware provides a message passing mechanism which can be used for Input/Output devices (I/O) and interprocess communications between general computing nodes (IPC). Consumers access SAN message passing hardware by posting send/receive messages to send/receive work queues on a SAN channel adapter (CA). The send/receive work queues (WQ) are assigned to a consumer as a queue pair (QP). The messages can be sent over five different transport types: Reliable Connected (RC), Reliable Datagram (RD), Unreliable Connected (UC), Unreliable Datagram (UD), and Raw Datagram (RawD). Consumers retrieve the results of these messages from a completion queue (CQ) through SAN send and receive work completions (WC). The source channel adapter takes care of segmenting outbound messages and sending them to the destination. The destination channel adapter takes care of reassembling inbound messages and placing them in the memory space designated by the destination's consumer. Two channel adapter types are present, a host channel adapter (HCA) and a target channel adapter (TCA). The host channel adapter is used by general purpose computing nodes to access the SAN fabric. Consumers use SAN verbs to access host channel adapter functions. The channel interface (CI) interprets verbs and directly accesses the channel adapter.
The HCA transfers data received on InfiniBand (IB) links directly to its host system main memory and also fetches data from system main memory to be transmitted on these IB links. Currently, there are no mechanisms to provide protection against unauthorized access of this memory or to point to specific areas (regions and windows) of memory, each of which uses its own translation tables to translate the virtual addresses that reference this memory into the real addresses that the CI hardware needs to directly access it.
Therefore, it would be desirable to have mechanisms to provide protection against unauthorized access of host system main memory, as well as mechanisms that point to specific areas of this memory, which translate virtual addresses for the memory into real addresses for the CI hardware.
The present invention provides a method, system and program for controlling access to computer memory. The present invention comprises receiving a work request from a user, wherein the work request comprises an index portion and a protection portion. The index portion of the work request is used to locate an element in an address translation and protection table. The protection portion of the work request is then compared with a protection key in the table element, and access to memory is granted only if the protection portion and protection key match.
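The check described above can be sketched in C as follows. This is an added illustration, not code from the patent: the 24-bit index / 8-bit protection split, the table contents, the region bounds check, and every identifier (`atp_check`, `atp_table`, the status codes) are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed key layout (not from the page): upper 24 bits index the table,
 * lower 8 bits are the protection portion supplied in the work request. */
#define KEY_INDEX(k) ((uint32_t)(k) >> 8)
#define KEY_PROT(k)  ((uint8_t)((k) & 0xFFu))
#define TABLE_SIZE   4u

enum atp_status { ATP_OK, ATP_BAD_INDEX, ATP_INVALID_ENTRY,
                  ATP_KEY_MISMATCH, ATP_OUT_OF_RANGE };

struct atp_entry {          /* one element of the translation/protection table */
    int      valid;         /* entry currently describes a region or window */
    uint8_t  prot_key;      /* protection key stored in the table element */
    uint64_t virt_base;     /* start of the area in virtual addresses */
    uint64_t length;        /* size of the area in bytes */
    uint64_t real_base;     /* real address the hardware would use */
};

/* Constructed sample table: entries 0 and 3 are left invalid. */
static const struct atp_entry atp_table[TABLE_SIZE] = {
    [1] = { 1, 0x5A, 0x10000, 0x1000, 0x7f000000 },
    [2] = { 1, 0xC3, 0x20000, 0x2000, 0x7f100000 },
};

/* Grant access only when the index is in range, the entry is valid, the
 * protection portion matches the stored key, and the span fits the area. */
enum atp_status atp_check(uint32_t key, uint64_t vaddr, uint64_t len,
                          uint64_t *real_out)
{
    uint32_t idx = KEY_INDEX(key);
    if (idx >= TABLE_SIZE) return ATP_BAD_INDEX;   /* never index past table */
    const struct atp_entry *e = &atp_table[idx];
    if (!e->valid) return ATP_INVALID_ENTRY;
    if (KEY_PROT(key) != e->prot_key) return ATP_KEY_MISMATCH;
    if (vaddr < e->virt_base) return ATP_OUT_OF_RANGE;
    uint64_t off = vaddr - e->virt_base;           /* overflow-safe bounds test */
    if (off > e->length || len > e->length - off) return ATP_OUT_OF_RANGE;
    *real_out = e->real_base + off;                /* written only on success */
    return ATP_OK;
}

int main(void)
{
    uint64_t real = 0;
    enum atp_status s = atp_check((1u << 8) | 0x5A, 0x10010, 16, &real);
    printf("status=%d real=0x%llx\n", (int)s, (unsigned long long)real);
    return 0;
}
```

The output address is written only after every check passes, so a caller that ignores the status code never receives a translated address for a rejected request.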